You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/threat-analytics.md
+6-11Lines changed: 6 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,7 +19,7 @@ ms.custom:
19
19
- cx-ta
20
20
ms.topic: conceptual
21
21
ms.subservice: edr
22
-
ms.date: 10/18/2024
22
+
ms.date: 11/12/2024
23
23
---
24
24
25
25
# Track and respond to emerging threats through threat analytics
@@ -60,21 +60,16 @@ Each report provides an analysis of a tracked threat and extensive guidance on h
60
60
61
61
## Required roles and permissions
62
62
63
-
The following table outlines the roles and permissions required to access threat analytics. Roles defined in the table refer to custom roles in individual portals and aren't connected to global roles in Microsoft Entra ID, even if similarly named.
63
+
The following roles and permissions are required to access Threat analytics in the Defender portal:
64
+
-**Security data basics (read)**—to view threat analytics report, related incidents and alerts, and impacted assets
65
+
-**Vulnerability management (read)** and **Secure Score (read)**—to see related exposure data and recommended actions
64
66
65
-
|**One of the following roles are required for Microsoft Defender XDR**|**One of the following roles are required for Microsoft Defender for Endpoint**|**One of the following roles are required for Microsoft Defender for Office 365**|**One of the following roles are required for Microsoft Defender for Cloud Apps and Microsoft Defender for Identity**|**One of the following roles is required for Microsoft Defender for Cloud**|
By default, access to services available in the Defender portal are managed collectively using [Microsoft Entra global roles](/defender-xdr/m365d-permissions). If you need greater flexibility and control over access to specific product data, and aren't yet using the [Microsoft Defender XDR Unified role-based access control (RBAC)](/defender-xdr/manage-rbac) for centralized permissions management, we recommend creating custom roles for each service. [Learn more about creating custom roles](/defender-xdr/custom-roles)
68
68
69
69
>[!IMPORTANT]
70
70
> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
71
71
>
72
-
> You'll have visibility to all threat analytics reports even if you have just one of the products and its corresponding roles described in the previous table. However, you're required to have each product and roles to see that product’s specific incidents, assets, exposure, and recommended actions associated with the threat.
73
-
74
-
Learn more:
75
-
-[Custom roles in role-based access control for Microsoft Defender XDR](/defender-xdr/custom-roles)
76
-
-[Microsoft Defender XDR Unified role-based access control (RBAC)](/defender-xdr/manage-rbac)
77
-
72
+
> You'll have visibility to all threat analytics reports even if you have just one of the products supported. However, you're required to have each product and role to see that product’s specific incidents, assets, exposure, and recommended actions associated with the threat.
0 commit comments